Backport of Fix policy lookup to allow for slashes into release/1.16.x (#18372)

* backport of commit 1a9cded960965d615a3a2146a4fef656839b1e34

* backport of commit cfec746d8b2d0b47b4aa66c951defa135f8791de

* backport of commit 8a9db4cffc557641f9209770c6134086f25322af

* backport of commit ac13bf16d6b5f853c26003cf088ff03988d8e235

---------

Co-authored-by: Jeremy Jacobson <jeremy.jacobson@hashicorp.com>
This commit is contained in:
hc-github-team-consul-core 2023-08-03 16:43:45 -04:00 committed by GitHub
parent d1a52f31a2
commit 44ef42b4c2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 100 additions and 2 deletions

View File

@ -6,6 +6,7 @@ package agent
import (
"fmt"
"net/http"
"net/url"
"strings"
"github.com/hashicorp/consul/acl"
@ -145,6 +146,12 @@ func (s *HTTPHandlers) ACLPolicyCRUD(resp http.ResponseWriter, req *http.Request
}
func (s *HTTPHandlers) ACLPolicyRead(resp http.ResponseWriter, req *http.Request, policyID, policyName string) (interface{}, error) {
// policy name needs to be unescaped in case there were `/` characters
policyName, err := url.QueryUnescape(policyName)
if err != nil {
return nil, err
}
args := structs.ACLPolicyGetRequest{
Datacenter: s.agent.config.Datacenter,
PolicyID: policyID,

View File

@ -45,9 +45,17 @@ func GetTokenAccessorIDFromPartial(client *api.Client, partialAccessorID string)
}
func GetPolicyIDFromPartial(client *api.Client, partialID string) (string, error) {
if partialID == "global-management" {
return structs.ACLPolicyGlobalManagementID, nil
// try the builtin policies (by name) first
for _, policy := range structs.ACLBuiltinPolicies {
if partialID == policy.Name {
return policy.ID, nil
}
}
if policy, ok := structs.ACLBuiltinPolicies[partialID]; ok {
return policy.ID, nil
}
// The full UUID string was given
if len(partialID) == 36 {
return partialID, nil

83
command/acl/acl_test.go Normal file
View File

@ -0,0 +1,83 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package acl
import (
"fmt"
"io"
"testing"
"github.com/hashicorp/consul/agent"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/testrpc"
"github.com/stretchr/testify/require"
)
func Test_GetPolicyIDByName_Builtins(t *testing.T) {
t.Parallel()
a := agent.StartTestAgent(t,
agent.TestAgent{
LogOutput: io.Discard,
HCL: `
primary_datacenter = "dc1"
acl {
enabled = true
tokens {
initial_management = "root"
}
}
`,
},
)
defer a.Shutdown()
testrpc.WaitForTestAgent(t, a.RPC, "dc1", testrpc.WithToken("root"))
client := a.Client()
client.AddHeader("X-Consul-Token", "root")
for _, policy := range structs.ACLBuiltinPolicies {
name := fmt.Sprintf("%s policy", policy.Name)
t.Run(name, func(t *testing.T) {
id, err := GetPolicyIDByName(client, policy.Name)
require.NoError(t, err)
require.Equal(t, policy.ID, id)
})
}
}
func Test_GetPolicyIDFromPartial_Builtins(t *testing.T) {
t.Parallel()
a := agent.StartTestAgent(t,
agent.TestAgent{
LogOutput: io.Discard,
HCL: `
primary_datacenter = "dc1"
acl {
enabled = true
tokens {
initial_management = "root"
}
}
`,
},
)
defer a.Shutdown()
testrpc.WaitForTestAgent(t, a.RPC, "dc1", testrpc.WithToken("root"))
client := a.Client()
client.AddHeader("X-Consul-Token", "root")
for _, policy := range structs.ACLBuiltinPolicies {
name := fmt.Sprintf("%s policy", policy.Name)
t.Run(name, func(t *testing.T) {
id, err := GetPolicyIDFromPartial(client, policy.Name)
require.NoError(t, err)
require.Equal(t, policy.ID, id)
})
}
}